Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

2018 Predictions: Customers Demand Outcomes to End Balkanization of Security Practices

“It’s much more pleasant to be obsessed over how the hero gets out his predicament than it is over how I get out of mine” – Woody Allen

“It’s much more pleasant to be obsessed over how the hero gets out his predicament than it is over how I get out of mine” – Woody Allen

Today, security is kind of an artisanal industry. With a total addressable market north of $85 billion per year – and not one player above 5 percent – it is a chaotic industry of niches: Endpoint, AV, Cloud, Network/Infrastructure, Application, Compliance, and the list goes on and on.

Paradoxically, while the overwhelming array of choices has given technologists a lot to evaluate, they have not gone far enough to lower the actual security risk facing organizations. And businesses are starting to take note. As organizations are taking closer looks at the ROI of their security solutions, they’re realizing that less is more

In 2018, organizations will start to focus more on outcomes than simply checking all of the boxes with niche security tools. As a result, security technology will need to prove how it supports top business initiatives. Here are the factors that organizations will be considering.

Organizations will start to focus on prevention as much as detection 

The myth of being able to detect every breach, insider threat or lateral movement has been punctured. Security teams are realizing they need to prepare themselves for “when” they will be breached, rather than “if.”  

Advertisement. Scroll to continue reading.

In the 1970s, the psychologist Ernest Hilgard developed the idea of divided consciousness to reflect how humans can have a divided brain. We so want to stop threats from entering our environment that we can miss the opportunity to reduce the locus of damage attackers can do when they breach our information security defenses. In 2018, these two halves will come together to enable a more integrated and effective cyber posture that values prevention as much as detection.

Back to basics for data center and cloud

Speaking of detection, the spate of ransomware attacks and their ability to spread within enterprises is causing security teams to evaluate whether their applications and infrastructure are enablers or defenders of their organizations. 

Four key focus areas security teams must focus on in their data centers include:

– Patching

– Authentication

– Vulnerabilities

– Micro-segmentation

Each technology in itself helps provide a more resilient and robust preventive posture. Together they are like a band of superheroes reducing the risk of fast moving threats.

Ending blind spots

There is an old, almost hackneyed adage in security that you “can’t protect what you can’t see.” Yet this has not stopped many organizations from effectively flying blind. Traditionally, it takes painful, manual work to create strong visibility of an organization’s computing assets. In 2018, this will change as organizations spend more time creating Application Dependency Maps (ADM) of their environments (i.e., the roadmap a hacker can use) and will turn to Cloud Access Security Brokers (CASB) to understand and create security policies for their increasing consumption of SaaS applications.

End customers will drive compliance as much as regulators

In the age of digital transformation, most businesses processes are connected to the Internet.  This not only means a company’s data is potentially exposed, it also means, a company’s customers are exposed. Larger enterprise customers today are increasingly inspecting how their vendors and partners protect their data, and therefore their customers’ data. Being able to demonstrate compliance will be a table stakes condition of doing business for security vendors.

Written By

Alan has been a successful entre­pre­neur, technology executive, and board member for over 25 years for a range of iconic companies, including DCVC-backed Illumio, Nicira (acquired by VMware), Airespace (acquired by Cisco), Cisco (where he led the $25 billion enterprise marketing and solutions orga­ni­za­tion), General Growth Properties, and IBM. He has authored over 200 articles, undertaken over 1,000 press interviews, and delivered over 100 keynotes at industry conferences. He received a bachelor’s degree in English from SUNY Buffalo, a master’s degree in English from the University of Vermont, a master’s degree in inter­na­tional affairs and economics from the American University School of Inter­na­tional Service, and an MBA from New York University.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.